Commit Graph

10837 Commits

Author SHA1 Message Date
Andreas Steffen 7e20062fdf Added hostapd package to base image 2013-03-22 23:53:39 +01:00
Andreas Steffen 8f72ba4aff Added Framed-IP-Address information to RADIUS accounting records 2013-03-22 23:52:01 +01:00
Andreas Steffen 9fa9f68d8d enforce singular of packets 2013-03-22 21:14:04 +01:00
Tobias Brunner 48d82a7dc7 asprintf(3) requires _GNU_SOURCE to be defined 2013-03-22 19:42:15 +01:00
Andreas Steffen 0b6c43f038 Added ikev2/rw-eap-framed-ip-radius scenario 2013-03-22 19:08:42 +01:00
Andreas Steffen 4a3c1cdc2b Store debug output from standalone IMC/IMVs 2013-03-22 16:45:24 +01:00
Andreas Steffen 1eada67bcb Added ikev2/ip-two-pools-v4v6-db scenario 2013-03-22 12:18:43 +01:00
Tobias Brunner 79306b7e6e Use proper integer types when handling TLS exchanges
tls_t.build takes a size_t argument not a ssize_t.
2013-03-22 11:40:57 +01:00
Tobias Brunner 03237238b8 Check return value of asprintf(3) when converting AR identity
Using chunk_t.ptr as target was also not optimal as it resulted in
a compiler warning.
2013-03-22 11:34:16 +01:00
Andreas Steffen 753e0a0099 version bump to 5.0.3rc1 2013-03-22 10:38:25 +01:00
Andreas Steffen a1bc67d6c9 Switch encoding of AR Identity Value from binary to UTF-8 2013-03-22 10:37:49 +01:00
Reto Buerki 3db17b0ccc Fixed TKM build 2013-03-22 10:35:48 +01:00
Andreas Steffen 2c80ab3def Build TNC-enabled wpa_supplicant 2013-03-22 10:33:39 +01:00
Andreas Steffen 6e58f0a34f activate logging before loading plugins 2013-03-21 18:04:31 +01:00
Martin Willi dd3c243844 Add a load-tester option to keep allocated external address until shutdown 2013-03-21 10:29:23 +01:00
Tobias Brunner 24b5e71522 android: No need to disable CMS explicitly
The version check introduced with 0d237763 should take care of it.
2013-03-20 17:02:37 +01:00
Tobias Brunner 665fac2433 Allow up to 10 NAT-D payloads in IKEv1 messages 2013-03-20 16:20:39 +01:00
Tobias Brunner 1a71178940 Avoid a race condition when reloading secrets from ipsec.secrets
With the previous implementation that cleared the secrets in the active
credential set and then loaded the secrets, IKE SA establishment would
fail (as initiator or responder) if secrets are concurrently reloaded
and the required secret was not yet loaded.
2013-03-20 15:27:34 +01:00
Tobias Brunner d307be7f6c Add a method to replace all secrets in a mem_cred_t object 2013-03-20 15:27:34 +01:00
Tobias Brunner 29d93e2470 android: Build native libraries also for x86
Requires an updated build script for Vstr.
2013-03-20 15:24:27 +01:00
Tobias Brunner 51f2905d9b android: libtnccs requires headers from libtls 2013-03-20 15:24:27 +01:00
Tobias Brunner 9a4d06df44 android: Fix Android.mk for ipsec script 2013-03-20 15:24:27 +01:00
Tobias Brunner e5d819b617 android: Remove/filter header files from LOCAL_SRC_FILES
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Tobias Brunner 8249f288f2 android: Request and install an IPv6 DNS server 2013-03-20 15:24:26 +01:00
Tobias Brunner ee66565d43 android: Also request a virtual IPv6 address and propose IPv6 TS
This allows IPv6 over IPv4 but falls back nicely if we don't get a
virtual IPv6 (or IPv4) address.
2013-03-20 15:24:26 +01:00
Tobias Brunner c994ec3b70 ipsec: Increased log level for message in case no outbound policy is found
This might happen on Android if sockets are bound to the physical IP
address but packets are still routed via TUN device.  Since it seems to
happen quite often (or for stuff that requires regular traffic) this
hides these messages from the default log.
2013-03-20 15:24:26 +01:00
Martin Willi e2d2b542f1 Add an option to autobalance a HA cluster automatically 2013-03-19 16:54:20 +01:00
Martin Willi 33524f02f9 Check if for some reason we handle a HA segment on both nodes 2013-03-19 16:50:39 +01:00
Martin Willi 21f40fe891 Acquire HA segment lock while sending heartbeat 2013-03-19 16:50:39 +01:00
Tobias Brunner e8526ae991 Removed unused variable 'id' 2013-03-19 16:37:40 +01:00
Tobias Brunner 5e551da16b Properly clean up libmysql
Seems to work correctly with recent MySQL versions.
2013-03-19 16:33:07 +01:00
Tobias Brunner 2ac772a5d0 Use proper address family when adding multiple addresses to SQL pool 2013-03-19 16:33:07 +01:00
Tobias Brunner fe62707209 Ignore SQL-based IP address pools if their address family does not match 2013-03-19 16:33:07 +01:00
Tobias Brunner 1b33e6c4ca charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin features
This ensures the NM-specific credential set is unloaded before any
implementation of certificate/key objects, which causes a segmentation
fault during shutdown.
2013-03-19 16:25:26 +01:00
Tobias Brunner 3651c8dcd5 charon-nm: Prevent NM from changing the default route
This is not required as we install our own (narrow) route(s) in our own
routing table. This should allow split tunneling if configured on the
gateway.
2013-03-19 16:25:26 +01:00
Tobias Brunner 9cf09ecad7 charon-nm: Use VIP (if any) as local address
NM will install this address on the provided device.
2013-03-19 16:25:26 +01:00
Tobias Brunner c15eea7306 charon-nm: Pass a dummy TUN device to NetworkManager
NetworkManager modifies the addresses etc. on this interface so using
"lo" is not optimal. With the dummy interface NM is free to do its
thing.
2013-03-19 16:25:26 +01:00
Tobias Brunner b7645a5d30 charon-nm: Fix NM plugin utility macros 2013-03-19 16:25:26 +01:00
Tobias Brunner e7017a6bb9 Ignore 'compile' script which is generated by AM_PROG_CC_C_O 2013-03-19 16:19:11 +01:00
Tobias Brunner 68bfee4bc4 Avoid returning COOKIEs right after system boot
When the monotonic timer is initialized to 0 right after the system is
booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s).

Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.

Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.
2013-03-19 16:19:11 +01:00
Martin Willi 2071dd63d6 Fix scheduling of heartbeat sending in HA plugin
e0efd7c1 switches to automated job rescheduling for HA heartbeat. However,
send_status() is initially called directly, which will not reschedule the job
as required.
2013-03-19 15:48:27 +01:00
Martin Willi 5cf3afd1fa Fix compiler warning in HA plugin 2013-03-19 15:48:27 +01:00
Tobias Brunner 7f0f185bed Merge branch 'tkm'
This adds charon-tkm, a special build of the charon IKEv2 daemon that delegates
security-critical operations to a separate process (TKM = Trusted Key Manager).
2013-03-19 15:25:38 +01:00
Adrian-Ken Rueegsegger 7cc6fa1a98 Various stylistic fixes 2013-03-19 15:24:36 +01:00
Reto Buerki db50a35ad8 Add NEWS about TKM separation 2013-03-19 15:24:36 +01:00
Adrian-Ken Rueegsegger c57b7a66c3 Use network byte order for ESA SPIs 2013-03-19 15:23:51 +01:00
Adrian-Ken Rueegsegger e2928a3e8c Provide MODP-2048 through TKM DH plugin 2013-03-19 15:23:51 +01:00
Adrian-Ken Rueegsegger 7f21523abd Add charon-tkm API documentation 2013-03-19 15:23:51 +01:00
Reto Buerki 0063e03325 Do not hardwire keys to KEY_RSA
Make the TKM private and public keys more easily extendable by
determining the associated key type dynamically.
2013-03-19 15:23:51 +01:00
Reto Buerki 38c1fd3cb1 Provide TKM credential encoder
The TKM credential encoder creates fingerprints of type
KEYID_PUBKEY_INFO_SHA1 and KEYID_PUBKEY_SHA1 using
CRED_PART_RSA_PUB_ASN1_DER.

This makes the pkcs1 plugin unnecessary.
2013-03-19 15:23:51 +01:00